How Do We Talk Ourselves Into These Things?

Biometric authentication offers promise for mobile security, but its adoption can be controversial from both a usability and a security perspective. We describe a preliminary study comparing recollections of biometric adoption by computer security experts and non-experts, collected in semi-structured interviews. Participants recalled their initial decisions and thought processes around biometric adoption, as well as changes in those views over time. These findings should serve to better inform security education across differing levels of technical experience. Preliminary findings indicate that both user groups were influenced by similar sources of information; however, expert users differed in having more professional requirements affecting their choices (e.g., BYOD). Furthermore, experts often added biometric authentication methods opportunistically during device updates, despite describing higher security concern and caution. Non-experts struggled with setting up fingerprint biometrics, leading to poor adoption. Further interviews are still being conducted.
